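<?php
// UserPend.php — admin-only page that lists accounts still awaiting approval
// (Users.Approved = 0, at most 10 at a time) with Approve / Deny / Do Later
// radio buttons per row. Submitting the form:
//   Approve (1): sets Approved = 1 and emails the user.
//   Deny    (2): emails the user, then deletes the row.
//   Do Later(0): leaves the row untouched.
//
// NOTE(review): still built on the mysql_* extension (deprecated 5.5, removed
// in 7.0) and on helpers from library.php (connectSQLServer, dbquery,
// print_header, print_footer) whose signatures are not visible here. Kept as-is;
// a PDO/mysqli migration would also allow real prepared statements.
session_start();
include "library.php";

// --- Access control -------------------------------------------------------
// Every header("Location: ...") below is followed by exit. Without it PHP keeps
// executing: an anonymous or non-admin visitor would still get the page
// rendered, and a POSTed decision would still be applied to the database.

// Not logged in -> login page.
if (!isset($_SESSION["username"])) {
  header("Location:login.php");
  exit;
}

// Logout button (rendered by print_header, presumably) -> drop the session.
if (isset($_POST["logout"])) {
  session_unset();
  session_destroy();
  header("Location:home.php");
  exit;
}

// Only position 1 (Admin) may approve accounts.
if (!isset($_SESSION["position"]) || (int)$_SESSION["position"] !== 1) {
  header("Location:members.php");
  exit;
}

// --- CSRF token for the decision form --------------------------------------
// The form deletes rows, so it must not be submittable from another origin.
// One token per session; random_bytes() is PHP 7+, so fall back to OpenSSL on
// older runtimes (assumes the openssl extension is loaded — TODO confirm).
if (empty($_SESSION["csrf_token"])) {
  $rawToken = function_exists("random_bytes")
    ? random_bytes(16)
    : openssl_random_pseudo_bytes(16);
  $_SESSION["csrf_token"] = bin2hex($rawToken);
}
$csrfToken = $_SESSION["csrf_token"];

// --- Database --------------------------------------------------------------
// NOTE(review): credentials are hard-coded in source (the last two arguments
// look like a user name and an empty password). Move them to a config file
// outside the web root and give this account only the rights this page needs.
$pwdb = connectSQLServer("wendlc_teamsci","sdd","");
mysql_select_db("wendlc_TeamSci");

// Pending accounts shown on this page. The same list bounds which UserNums a
// submitted form may act on, so a forged PermDec field for some other UserNum
// is ignored rather than applied.
$pendingRes = dbquery("SELECT * FROM Users WHERE Approved = 0 LIMIT 10");
$pending = array();
while ($row = mysql_fetch_object($pendingRes)) {
  $pending[] = $row;
}

// --- Process submitted decisions (before any output, so we can redirect) ---
$csrfRejected = false;
if (isset($_POST["Submit"])) {
  $postedToken = isset($_POST["csrf_token"]) ? (string)$_POST["csrf_token"] : "";
  $tokenOk = function_exists("hash_equals")
    ? hash_equals($csrfToken, $postedToken)
    : ($csrfToken === $postedToken);

  if (!$tokenOk) {
    $csrfRejected = true;
  } else {
    foreach ($pending as $row) {
      $userNumID = (int)$row->UserNum;
      $field = "PermDec" . $userNumID;
      $decision = isset($_POST[$field]) ? (int)$_POST[$field] : 0;

      // 0 = "Do Later" (or an unexpected value): leave the row untouched.
      if ($decision !== 1 && $decision !== 2) {
        continue;
      }

      // Both values are integers now, so %d cannot smuggle SQL. The previous
      // version escaped the value but did not quote it, which leaves input
      // such as "1 OR 1=1" intact in an unquoted numeric context.
      dbquery(sprintf("UPDATE Users SET Approved = %d WHERE UserNum = %d",
        $decision, $userNumID));

      // Notification e-mail. The row was read moments ago from the same table,
      // so it is used directly instead of re-selecting it.
      //
      // Refuse recipients that fail validation: a CR/LF inside the address
      // would let a self-registered account inject extra mail headers.
      // NOTE(review): whether registration validates Email is not visible here.
      $to = isset($row->Email) ? trim((string)$row->Email) : "";
      $canMail = filter_var($to, FILTER_VALIDATE_EMAIL) !== false;
      $firstName = isset($row->FirstName) ? (string)$row->FirstName : "";

      // Plain concatenation, not sprintf(): a "%" in the user's name used to
      // be interpreted as a format specifier and broke the message.
      if ($decision === 1) {
        $message = "Hi " . $firstName . ",\nYour account has been approved for use.\n\nhttp://physfiles.myrpi.org/TEAMSCI/ \n\n Sincerly,\nStaff";
      } else {
        $message = "Hi " . $firstName . ",\nYour account has been denied for use.\n\nhttp://physfiles.myrpi.org/TEAMSCI/ \n\n Sincerly,\nStaff";
      }

      // NOTE(review): mail() needs a working MTA; the original comment says this
      // is hard to configure on the hosting network. Return value is not checked.
      if ($canMail) {
        mail($to, "Phys-Files Account Information", $message);
      }

      // Denied accounts are removed once the notification has been attempted.
      if ($decision === 2) {
        dbquery(sprintf("DELETE FROM Users WHERE UserNum = %d", $userNumID));
      }
    }

    // Post/Redirect/Get: reload the page so the list reflects the decisions
    // and a browser refresh cannot resubmit the form.
    header("Location:UserPend.php");
    exit;
  }
}

// --- Render ----------------------------------------------------------------
print_header($_SESSION["position"], 3);

if ($csrfRejected) {
  echo "<p>The form token did not match this session; nothing was changed. Please submit your decisions again.</p>";
}

// Human-readable label for Users.Position.
$positionLabels = array(1 => "Admin", 2 => "Lead Researcher", 3 => "Researcher");

// The <form> wraps the <table> (the previous nesting, form inside table, is
// invalid HTML and makes browsers relocate the hidden field).
echo "<form method = \"POST\">";
echo "<input type=\"hidden\" name=\"csrf_token\" value=\"" . htmlspecialchars($csrfToken, ENT_QUOTES, "UTF-8") . "\"/>";
echo "<table id =\"infotable\"><tr><th>First Name</th><th>Last Name</th><th>User ID</th><th>Position</th><th>Decision</th></tr>";

foreach ($pending as $row) {
  $pos = isset($row->Position) ? (int)$row->Position : 0;
  $string_position = isset($positionLabels[$pos]) ? $positionLabels[$pos] : "";
  $num = (int)$row->UserNum;
  $field = "PermDec" . $num;

  // Every DB-sourced value is HTML-escaped: these fields were typed by the
  // (not yet approved) user, so an unescaped name is stored XSS against the
  // admin reviewing it. Assumes the DB hands back UTF-8 — TODO confirm; with
  // another encoding htmlspecialchars() returns "" for invalid byte sequences.
  echo "<tr>"
    . "<td>" . htmlspecialchars((string)$row->FirstName, ENT_QUOTES, "UTF-8") . "</td>"
    . "<td>" . htmlspecialchars((string)$row->LastName, ENT_QUOTES, "UTF-8") . "</td>"
    . "<td>" . htmlspecialchars((string)$row->UserID, ENT_QUOTES, "UTF-8") . "</td>"
    . "<td>" . $string_position . "</td>"
    . "<td>"
    . "<INPUT TYPE = \"radio\" NAME = \"" . $field . "\" VALUE = \"1\">Approve"
    . "<INPUT TYPE = \"radio\" NAME = \"" . $field . "\" VALUE = \"2\">Deny"
    . "<INPUT TYPE = \"radio\" NAME = \"" . $field . "\" CHECKED VALUE = \"0\">Do Later"
    . "</td></tr>";
}
echo "</table><BR><BR>";
?>
<INPUT TYPE = "submit" NAME = "Submit" VALUE = "Submit"/>
</form>
<?php
print_footer();
?>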